Defensive Design
If you build a bridge, you must ensure it does not collapse when a heavy truck drives over it. Anticipating Misuse ensures your code does not crash when users do silly things.
The Defences
Authentication
Verifying identity before granting access to a system. The classic example in an exam is creating a routine that checks a username and password.
IF pass == "Secret123" THEN
print("Access Granted")
ELSE
print("Access Denied")
Input Validation
You cannot trust users. Validation means checking data against limits (e.g. Length checks, Range checks, Presence checks) before accepting it.
- Range Check: Age must be 1-100.
- Length Check: Password > 8 chars.
- Presence Check: Field cannot be blank.
- Format Check: Email must contain '@'.
Examiner's Eye - The 'IF' Statement Trap
If an exam asks you to validate an input (e.g. asking for an age under 100), DO NOT just use an IF statement! If a user gets it wrong, an IF statement only asks them to try again once. If they get it wrong a second time, the code continues and breaks. To achieve full marks, you MUST use a WHILE loop to permanently trap them until they enter valid data.
Defensive Design Masterclass
Learn how to build robust, secure software by anticipating misuse. Walk through Python code for range, presence, length, format, and type checks.
Master the difference between Authentication and Validation, and learn how to upgrade your code using WHILE loops to create relentless user traps for data entry.
The Validation Loop Gateway
Below is a 'While Loop' trapping mechanism. Your task is to set a User ID between 100 and 999. See how the WHILE loop relentlessly denies invalid ranges until the condition is met.
WHILE (userID < 100) OR (userID > 999):
print("Invalid!")
userID = input()
print("Saved!")
Check Your Understanding
1. What is the fundamental difference between Authentication and Validation?
2. An algorithm needs to ensure a user enters a password longer than 8 characters. Which control structure MUST be used to ensure the user cannot proceed until they comply?
3. In Python, which of the following methods can be used to perform a 'Type Check' to ensure a user has entered a digit rather than letters?
Written Exam Scenario (AO2/AO3)
Stretch (Grade 9)"Write a robust algorithm using pseudocode or Python that asks for a 4-digit PIN. The code must check that the PIN is not exactly '1234'. It must use a validation loop to repeatedly reject the user and ask them again until they provide a different, valid PIN. Include briefly commented code." (6 marks)
pin = input("Enter your 4-digit PIN: ")
# The validation loop trapping the exact value check
WHILE pin == "1234":
print("Error! You cannot use the default PIN. Try again.")
# Asking inside the loop allows the variable to update and escape
pin = input("Enter a new 4-digit PIN: ")
ENDWHILE
print("PIN accepted!")
M1: Capturing initial input into a variable.
M2: Using a WHILE loop construct.
M3: Correct Boolean logic condition (pin == "1234").
M4: Outputting an error message inside the loop.
M5: Re-capturing the input INSIDE the loop to prevent an infinite loop crash.
M6: Using comments to explain code intent.